Skip to main content

IaC Security Configuration Options

The following table shows the configuration options available for the IaC Security scanner. These configuration options can be applied on the Account > Project > Scan levels. These configurations can be set via the web application (UI), CLI or API, as shown in the table below.

Notice

CLI flags are submitted on the scan level with the scan create command. API configs can be configured on the account or project level using the Configuration API or on the scan level as part of the request body of the POST /scans API. When using the POST /scans API the scan.config.kics prefix is left out.

Parameter	Values	Notes	CLI	API
Folder/file filter	Allow users to select specific folders or files to include or exclude from the code-scanning process.	Including a file type - .java Excluding a file type - !.java Use “,” sign to chain file types. for example: .java,.js The parameter also supports including/excluding folders. regex is not supported.	`--iac-security-filter <string>`	scan.config.kics.filter
platforms	Ansible AzureResourceManager Buildah CICD CloudFormation Crossplane DockerCompose Dockerfile GoogleDeploymentManager GRPC Knative Kubernetes OpenAPI Pulumi ServerlessFW Terraform	Notice Configure one or more platforms, separated by a comma. The parameter means that you only want to run scans (queries) for those platforms. For example: Ansible, CloudFormation, Dockerfile Warning Any mistake in the platform characters will cause an error.	`--iac-security-platforms <string>, <string>`	scan.config.kics.platforms
Preset Name	All the available IaC Security Presets that exist in the system	There are no Checkmarx Default Presets now. For more information on IaC presets, see here. Warning The preset ID for IaC Security must be a valid UUID. Once you create one, you can copy the PresetID from the IaC Presets page.

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.